summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2005-09-08 05:28:51 +0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-08 19:14:11 +0400
commit8920e8f94c44e31a73bdf923b04721e26e88cadd (patch)
tree7a0195643c37c63335224358256fab8cd445a671 /include
parent5aa3b610a7330c3cd6f0cb264d2189a3a1dcf534 (diff)
downloadlinux-8920e8f94c44e31a73bdf923b04721e26e88cadd.tar.xz
[PATCH] Fix 32bit sendmsg() flaw
When we copy 32bit ->msg_control contents to kernel, we walk the same userland data twice without sanity checks on the second pass. Second version of this patch: the original broke with 64-bit arches running 32-bit-compat-mode executables doing sendmsg() syscalls with unaligned CMSG data areas Another thing is that we use kmalloc() to allocate and sock_kfree_s() to free afterwards; less serious, but also needs fixing. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/compat.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/compat.h b/include/net/compat.h
index 9983fd857804..482eb820f13a 100644
--- a/include/net/compat.h
+++ b/include/net/compat.h
@@ -33,7 +33,7 @@ extern asmlinkage long compat_sys_sendmsg(int,struct compat_msghdr __user *,unsi
extern asmlinkage long compat_sys_recvmsg(int,struct compat_msghdr __user *,unsigned);
extern asmlinkage long compat_sys_getsockopt(int, int, int, char __user *, int __user *);
extern int put_cmsg_compat(struct msghdr*, int, int, int, void *);
-extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, unsigned char *,
+extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, struct sock *, unsigned char *,
int);
#endif /* NET_COMPAT_H */